IN THIS ISSUE
Professionals Share Risk Management Perspectives
The IIA's 2004 Enterprise Risk Management and Control Self-assessment Conference keynote speakers provided insight on ethics, risk, and controls at the governance level.
COOPER OPENS CONFERENCE
At The IIA's Enterprise Risk Management and Control Self-assessment Conference in Las Vegas on Sept. 8, former WorldCom internal auditor Cynthia Cooper discussed strength of character and lessons learned from uncovering fraud. Cooper and current MCI auditor Glyn Smith, best known for uncovering the US $3.8 billion WorldCom fraud, told an audience of 350 participants that important lessons can be learned from corporate fraud to help improve corporate governance processes.
Taking the audience on a journey through the WorldCom auditors' experiences, Cooper and Smith summarized the events leading to the scandal and their involvement and communication with WorldCom's management, audit committee, and external auditors. They also shared their experiences of being labeled whistleblowers in the scandal's aftermath. Encouraged by family and personal ethics, Cooper said she does not regret her investigative persistence in identifying and reporting one of the largest frauds in U.S. history.
Touting numerous lessons learned, Cooper shared her views on business practices that should be adopted within internal audit shops, including:
- Ensuring the four cornerstones of corporate governance — external auditors, internal auditors, audit committees, and senior management — coordinate and communicate regularly.
- Conducting regular, one-on-one meetings with lower-level accounting managers to discuss accounting issues and material transactions.
- Incorporating forensic auditing into the audit process.
- Giving internal auditors free access to all accounting systems and records.
Suggesting that internal auditors get back to basics through expanded financial-transaction testing and other audit activities, Cooper said the challenges facing internal audit departments are greater than ever, including convincing management and the audit committee of the importance of internal controls and the need for sufficient resources to expand the enormous audit universe.
RICHARDS STEPS UP TO THE PODIUM
New IIA President David A. Richards, CIA, CPA, opened the second day of the conference by enlightening the general session audience on the global impact and value of enterprise risk management (ERM) and control self-assessment (CSA).
Richards asked internal audit professionals to pay attention to the basics of their responsibilities, including reviewing financial transactions, implementing fraud prevention and identification processing, and helping to ensure an organization's proper ethical climate. Describing an effective risk management process, he said internal auditors should serve as risk educators, participate in risk forums and risk management steering groups, and include detailed information about risk in all audit reports.
Richards highlighted key ERM and CSA trends, including legislative movements around the world emphasizing the need for risk management as well as signs that internal auditors are becoming more proactive in the use of risk-assessment processes. Although CSA has not been fully embedded in many organizations, he said, ERM is becoming known as a key ingredient in good governance, and internal auditors should promote its adoption and progression.
In Richards' closing comments, he encouraged the audience by saying, "It couldn't be a better time to be in the internal audit profession," and challenged participants to advocate risk management processes within their organizations while keeping internal audit standards and basic principles at the forefront of their audit activities.